CVE-2019-9727

Unauthenticated password hash disclosure in the User.getUserPWD method in eQ-3 AG Homematic CCU3 3.43.15 and earlier allows remote attackers to retrieve the GUI password hashes of GUI users. This vulnerability can be exploited by unauthenticated attackers with access to the web interface.

Published : 2019-05-13 17:29 Updated : 2019-05-14 16:33

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Eq-3 Ccu3 Firmware 3.43.15 cpe:/o:eq-3:ccu3_firmware:3.43.15
  1. Eq-3 (1) Search CVE
    1. Ccu3 Firmware (1) Search CVE
      1. 3.43.15

CWE

ID Name Description Links
CWE-255 Credentials Management Weaknesses in this category are related to the management of credentials. CVE

History of changes

Date Event
2019-05-14 16:33
2019-05-13 17:29

New CVE